exam questions

Exam AZ-305 All Questions

View all questions & answers for the AZ-305 exam

Exam AZ-305 topic 1 question 4 discussion

Actual exam question from Microsoft's AZ-305
Question #: 4
Topic #: 1
[All AZ-305 Questions]

You have an Azure Active Directory (Azure AD) tenant named contoso.com that has a security group named Group1. Group1 is configured for assigned membership. Group1 has 50 members, including 20 guest users.
You need to recommend a solution for evaluating the membership of Group1. The solution must meet the following requirements:
✑ The evaluation must be repeated automatically every three months.
✑ Every member must be able to report whether they need to be in Group1.
✑ Users who report that they do not need to be in Group1 must be removed from Group1 automatically.
✑ Users who do not report whether they need to be in Group1 must be removed from Group1 automatically.
What should you include in the recommendation?

  • A. Implement Azure AD Identity Protection.
  • B. Change the Membership type of Group1 to Dynamic User.
  • C. Create an access review.
  • D. Implement Azure AD Privileged Identity Management (PIM).
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
NotMeAnyWay
Highly Voted 2 months, 2 weeks ago
Selected Answer: C
Here's why: - An access review is an Azure AD feature that enables administrators to review group memberships and application assignments, and allows group members to confirm whether they still require access. This enables every member to report whether they need to be in Group1, and if they do not, the access review can be configured to remove them automatically. - An access review can be set up to repeat automatically every three months, as required by the scenario. - Changing the Membership type of Group1 to Dynamic User is not a suitable solution for evaluating the membership of a security group with assigned membership. Dynamic user groups are based on rules and criteria, and do not include manually assigned members. - Implementing Azure AD Identity Protection is not relevant to evaluating the membership of a security group. - Implementing Azure AD Privileged Identity Management (PIM) is used for managing access to privileged roles in Azure AD, and is not relevant to the scenario.
upvoted 9 times
...
SeMo0o0o0o
Most Recent 3 weeks, 2 days ago
Selected Answer: C
C is correct
upvoted 1 times
...
mhussey79
2 months, 2 weeks ago
Selected Answer: D
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-deployment-plan Provide just-in-time privileged access to resources Assign eligibility for membership or ownership of privileged access groups Assign time-bound access to resources using start and end dates Require approval to activate privileged roles Enforce multifactor authentication to activate any role Use justification to understand why users activate Get notifications when privileged roles are activated Conduct access reviews to ensure users still need roles Download audit history for internal or external audit
upvoted 1 times
mhussey79
2 years, 7 months ago
im more looking for an answer of why its not D?
upvoted 1 times
JayBee65
2 years, 7 months ago
Privileged Identity Management (PIM) allows you to "Conduct access reviews to ensure users still need roles", which allow you to meet the requirements of the question. But it is the "access reviews" that is actually required, whether or not you Plan a Privileged Identity Management deployment.
upvoted 4 times
...
...
...
stonwall12
2 months, 2 weeks ago
Correct Answer - C: Access Review An access review in an Azure AD feature that allows an admin to evaluate and verify user access to certain roles and resources. Based on the question's requirements, with an Access Review, we can configure periodic evaluations, implement access notifications for end-users, and auto-revoke access. https://learn.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview
upvoted 1 times
...
flash007
1 year, 3 months ago
access reviews are used for this question to check if the access is still required
upvoted 2 times
...
yonie
1 year, 7 months ago
Selected Answer: C
Correct answer - C
upvoted 1 times
...
eli117
1 year, 7 months ago
Selected Answer: C
C. Create an access review.
upvoted 1 times
...
ZUMY
1 year, 8 months ago
C is correct
upvoted 1 times
...
swetha_2022
1 year, 9 months ago
What is the correct answer B or C? what is the difference between these two options pls?
upvoted 1 times
...
jj22222
1 year, 9 months ago
Selected Answer: C
c is right answer
upvoted 1 times
...
zellck
1 year, 9 months ago
Selected Answer: C
C is the answer. https://learn.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview Access reviews in Azure Active Directory (Azure AD), part of Microsoft Entra, enable organizations to efficiently manage group memberships, access to enterprise applications, and role assignments. User's access can be reviewed regularly to make sure only the right people have continued access
upvoted 3 times
zellck
1 year, 9 months ago
https://learn.microsoft.com/en-us/training/modules/design-authentication-authorization-solutions/8-design-for-access-reviews To ensure employees and users always have the correct access, you can perform an access review. An Azure Active Directory access review is a planned review of the access needs, rights, and history of user access.
upvoted 2 times
...
...
OPT_001122
1 year, 10 months ago
Selected Answer: C
C. Create an access review.
upvoted 1 times
...
jj22222
1 year, 10 months ago
C looks right
upvoted 1 times
...
armpro
1 year, 10 months ago
Selected Answer: C
Answer: C Creating an access review will do the job Not option D. Self review is not possible in Privileged Identity Management.
upvoted 1 times
...
jennyka76
1 year, 10 months ago
https://learn.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview -ANSSWER - C
upvoted 1 times
...
Bummer_boy
1 year, 10 months ago
Selected Answer: C
C - no doubts
upvoted 1 times
...
janvandermerwer
1 year, 10 months ago
Selected Answer: C
C - Best answer by far.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...